Certificate Signing Request

In order to obtain a certificate, you must first generate a Certificate Signing Request (CSR). Instructions for generating CSRs for various SSL environments can be found at Comodo's Knowledgebase. Since it is assumed that most server environments will be either OpenSSL-based or Java-based, examples for those two cases are given here.

For the examples below, the server hostname is "example.xsede.org".

You may optionally specify a contact email address which will receive notification for certificate expiration. In the example below, this is done with the "user@xsede.org" email address.

OpenSSL

If you do not have a private key, the following command will generate a new CSR (example-xsede-org.csr) and the associated private key (example-xsede-org.key) in one step.

Multiple Domains

If you are requesting an InCommon or IGTF Multi Domain Certificate, you can include the extra SubjectAltName (SAN) entries in the certificate signing request (CSR). This saves XSEDE staff time processing your request as well as guarantees that your certificate has the extra domains you want.

First, you need to create a configuration file with values needed by OpenSSL for the SANs. For this example, assume the desired hostname is "example.xsede.org", and there are three additional hosts to secure named "example1.xsede.org", "example2.xsede.org", and "example3.xsede.org".